O'Reilly logo

Penetration Testing with Perl by Swizec Teller

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Cracking ZIP file passwords

During web penetration testing, we can often gather backup data in the form of a ZIP file. ZIP files that contain sensitive data, for instance, could possibly be encrypted. Let's take a look at how we can create a simple ZIP file password cracking program using Perl.

First off, we need to create a simple password-protected ZIP file to try this against. We will be using the Linux zip utility as follows:

zip backup.zip -re *

This will create a password-encrypted ZIP file after asking for and confirming the password we choose.

Now, let's use the Archive::Zip Perl module and create a simple brute force application that tries every dictionary word in our list to crack the password used to create the ZIP file:

#!/usr/bin/perl ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required